Advances in Cryptology -- EUROCRYPT 2015
Volume 9056 of the series Lecture Notes in Computer Science pp 584-613
On the Provable Security of the Iterated Even-Mansour Cipher Against Related-Key and Chosen-Key Attacks
- Benoît Cogliati, University of Versailles
- Yannick Seurin, ANSSI
Abstract
The iterated Even-Mansour cipher is a construction of a block cipher from \(r\) public permutations \(P_1,\ldots ,P_r\) which abstracts in a generic way the structure of key-alternating ciphers. The indistinguishability of this construction from a truly random permutation by an adversary with oracle access to the inner permutations \(P_1,\ldots ,P_r\) has been investigated in a series of recent papers. This construction has also been shown to be (fully) indifferentiable from an ideal cipher for a sufficient number of rounds (five or twelve depending on the assumptions on the key-schedule). In this paper, we extend this line of work by considering the resistance of the iterated Even-Mansour cipher to xor-induced related-key attacks (i.e., related-key attacks where the adversary is allowed to xor any constant of its choice to the secret key) and to chosen-key attacks. For xor-induced related-key attacks, we first provide a distinguishing attack for two rounds, assuming the key-schedule is linear. We then prove that for a linear key-schedule, three rounds yield a cipher which is secure against xor-induced related-key attacks up to \( \mathcal {O} (2^{\frac{n}{2}})\) queries of the adversary, whereas for a nonlinear key-schedule, one round is sufficient to obtain a similar security bound. We also show that the iterated Even-Mansour cipher with four rounds offers some form of provable resistance to chosen-key attacks, which is the minimal number of rounds to achieve this property. The main technical tool that we use to prove this result is sequential indifferentiability, a weakened variant of (full) indifferentiability introduced by Mandal et al. (TCC 2010).
Keywords
Block cipher, Ideal cipher, Related-key attacks, Chosen-key attacks, Iterated Even-Mansour cipher, Key-alternating cipher, Indifferentiability, Correlation intractability
- Title
- On the Provable Security of the Iterated Even-Mansour Cipher Against Related-Key and Chosen-Key Attacks
- Book Title
- Advances in Cryptology -- EUROCRYPT 2015
- Book Subtitle
- 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I
- Book Part
- 12
- Pages
- pp 584-613
- Copyright
- 2015
- DOI
- 10.1007/978-3-662-46800-5_23
- Print ISBN
- 978-3-662-46799-2
- Online ISBN
- 978-3-662-46800-5
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- 9056
- Series ISSN
- 0302-9743
- Publisher
- Springer Berlin Heidelberg
- Copyright Holder
- International Association for Cryptologic Research
- Editors
- Elisabeth Oswald (13)
- Marc Fischlin (14)
- Editor Affiliations
- 13. University of Bristol
- 14. Technische Universität Darmstadt
- Authors
- Benoît Cogliati (15)
- Yannick Seurin (16)
- Author Affiliations
- 15. University of Versailles, Versailles, France
- 16. ANSSI, Paris, France